Commit graph

8742 commits

Author SHA1 Message Date
Janos Follath
ffbd7e8ff3 Improve mbedtls_ecp_point_read_binary tests
Renamed the tests because they are explicitly testing Curve25519 and
nothing else. Improved test coverage, test documentation and extended
in-code documentation with a specific reference to the standard as well.
2019-02-25 11:49:54 +00:00
Janos Follath
7caf8e452f Add Montgomery points to ecp_point_write_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to export such points.
2019-02-22 15:42:18 +00:00
Janos Follath
ab0f71a22a ECDH: Add test vectors for Curve25519
The test vectors added are published in RFC 7748.
2019-02-22 15:42:03 +00:00
Janos Follath
e344d0f6fc Add little endian export to Bignum
The function `mbedtls_mpi_write_binary()` writes big endian byte order,
but we need to be able to write little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs ..` to transform the test data to little endian.
2019-02-22 15:41:31 +00:00
Janos Follath
171a7efd02 Add mbedtls_ecp_read_key
The private keys used in ECDH differ in the case of Weierstrass and
Montgomery curves. They have different constraints, the former is based
on big endian, the latter little endian byte order. The fundamental
approach is different too:
- Weierstrass keys have to be in the right interval, otherwise they are
  rejected.
- Any byte array of the right size is a valid Montgomery key and it
  needs to be masked before interpreting it as a number.

Historically it was sufficient to use mbedtls_mpi_read_binary() to read
private keys, but as a preparation to improve support for Montgomery
curves we add mbedtls_ecp_read_key() to enable uniform treatment of EC
keys.

For the masking the `mbedtls_mpi_set_bit()` function is used. This is
suboptimal but seems to provide the best trade-off at this time.
Alternatives considered:
- Making a copy of the input buffer (less efficient)
- removing the `const` constraint from the input buffer (breaks the api
and makes it less user friendly)
- applying the mask directly to the limbs (violates the api between the
modules and creates and unwanted dependency)
2019-02-22 15:39:03 +00:00
Janos Follath
59b813c7be Add Montgomery points to ecp_point_read_binary
The library is able to perform computations and cryptographic schemes on
curves with x coordinate ladder representation. Here we add the
capability to import such points.
2019-02-22 15:38:46 +00:00
Janos Follath
a778a94b7d Add little endian import to Bignum
The function `mbedtls_mpi_read_binary()` expects big endian byte order,
but we need to be able to read from little endian in some caseses. (For
example when handling keys corresponding to Montgomery curves.)

Used `echo xx | tac -rs .. | tr [a-z] [A-Z]` to transform the test data
to little endian and `echo "ibase=16;xx" | bc` to convert to decimal.
2019-02-22 15:38:32 +00:00
Gilles Peskine
3081629de4 Fix mbedtls_ecdh_get_params with new ECDH context
The new check for matching groups in mbedtls_ecdh_get_params only worked
with legacy ECDH contexts. Make it work with the new context format.
2019-02-22 13:04:23 +01:00
Gilles Peskine
e023c80477 Test undefining MBEDTLS_ECDH_LEGACY_CONTEXT in all.sh
Test that the library works with the new context format.
2019-02-22 13:04:23 +01:00
Gilles Peskine
43f564f29d Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h
Define MBEDTLS_ECDH_LEGACY_CONTEXT in config.h instead of hard-coding
this in ecdh.h so that its absence can be tested. Document it as
experimental so that we reserve the right to change it in the future.
2019-02-22 13:04:20 +01:00
Gilles Peskine
ccf8ba0e6d Add changelog entry for mbedtls_ecdh_get_params robustness 2019-02-22 10:21:46 +01:00
Gilles Peskine
0b1b71d712 Fix ecdh_get_params with mismatching group
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.

This makes the non-regression test added by the previous commit pass.
2019-02-22 10:21:46 +01:00
Gilles Peskine
c4dff06f31 Add test case for ecdh_get_params with mismatching group
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-22 10:21:31 +01:00
Gilles Peskine
552563b741 Add test case for ecdh_calc_secret
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, then mbedtls_ecdh_calc_secret.
2019-02-22 10:20:07 +01:00
Gilles Peskine
13cf3eca5b Fix typo in documentation 2019-02-21 17:29:22 +01:00
Manuel Pégourié-Gonnard
9c99dc862c
Merge pull request #2395 from ARMmbed/development-psa-merged-dev-8e76332
Merge updated development-psa into development
2019-02-18 11:55:54 +01:00
Andrzej Kurek
064128c1b0 Update submodule pointer to commit 0574e6a of mbed-crypto/development 2019-02-15 10:20:05 -05:00
Andrzej Kurek
1b20be59e2 Write documentation for TEST_ASSERT 2019-02-15 10:13:35 -05:00
Jaeden Amero
2d7926674d psa_utils: Make fallthrough clear for compilers
Silence a compiler warning about implicit fallthrough by using a comment
format the compiler understand to mean that the fallthrough is
intentional.

  In file included from library/cipher.c:63:0:
  include/mbedtls/psa_util.h: In function ‘mbedtls_psa_translate_cipher_mode’:
  include/mbedtls/psa_util.h:91:15: error: this statement may fall through [-Werror=implicit-fallthrough=]
               if( taglen == 0 )
                 ^
  include/mbedtls/psa_util.h:94:9: note: here
           default:
           ^~~~~~~
  cc1: all warnings being treated as errors

  $ gcc --version
  gcc (Ubuntu 7.3.0-27ubuntu1~18.04) 7.3.0
  Copyright (C) 2017 Free Software Foundation, Inc.
  This is free software; see the source for copying conditions.  There is NO
  warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2019-02-15 09:50:38 -05:00
Andrzej Kurek
eb5087126f all.sh: add a seedfile generation step
When using PSA with MBEDTLS_ENTROPY_NV_SEED, some test suites
require the seed file for PSA initialization, which was normally generated
later, when entropy tests were run. This change creates an initial seedfile
in all.sh.
2019-02-14 07:18:59 -05:00
Andrzej Kurek
c058773798 Update submodule pointer to dea02cc8b 2019-02-14 05:28:21 -05:00
Jaeden Amero
3ea2687053 psa: Initialize crypto in tests that need to
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
2019-02-13 07:34:54 -05:00
Andrzej Kurek
08b807a161 Update crypto submodule version to commit f54597144874
Use mbed-crypto repository in gitmodules file
2019-02-11 08:45:41 -05:00
Jaeden Amero
6f7703df3a rsa: Enable use of zero-length null output
Enable handling of zero-length null output in PKCS1 v1.5 decryption.
Prevent undefined behavior by avoiding a memcpy() to zero-length null
output buffers.
2019-02-11 03:39:51 -05:00
Gilles Peskine
004f87b98d RSA encryption: accept input=NULL if ilen=0
In mbedtls_rsa_rsaes_oaep_encrypt and
mbedtls_rsa_rsaes_pkcs1_v15_encrypt, if the input length is 0 (which
is unusual and mostly useless, but permitted) then it is fine for the
input pointer to be NULL. Don't return an error in this case.

When `input` is NULL, `memcpy( p, input, ilen )` has undefined behavior
even if `ilen` is zero. So skip the `memcpy` call in this case.
Likewise, in `mbedtls_rsa_rsaes_oaep_decrypt`, skip the `memcpy` call if
`*olen` is zero.
2019-02-11 03:39:21 -05:00
Jaeden Amero
fb236739da Revert "Forbid passing NULL input buffers to RSA encryption routines"
Resolve incompatibilties in the RSA module where changes made for
parameter validation prevent Mbed Crypto from working. Mbed Crypto
depends on being able to pass zero-length buffers that are NULL to RSA
encryption functions.

This reverts commit 2f660d047d.
2019-02-08 08:43:31 -05:00
Andrzej Kurek
02f39ace58 Adjust documentation of mbedtls_cipher_update_ad 2019-02-08 06:50:55 -05:00
Andrzej Kurek
57f04e56c1 Adjust documentation of mbedtls_cipher_update_ad
Fix indentation and capitalization
2019-02-08 06:44:43 -05:00
Andrzej Kurek
3c2b15d31e Update version_features file 2019-02-08 02:38:45 -05:00
Andrzej Kurek
85ac0aeb58 Update submodule version to include parameter validation for rsa.c 2019-02-07 09:09:13 -05:00
Andrzej Kurek
172457460b Add MBEDTLS_PSA_HAS_ITS_IO to config.pl exclude list 2019-02-07 08:49:53 -05:00
Andrzej Kurek
d3643ef29b Add PSA defines to config.pl exclude list 2019-02-07 07:41:27 -05:00
Andrzej Kurek
70d8a5b5d9 Update crypto submodule version to 94a3abcd 2019-02-07 07:40:33 -05:00
Andrzej Kurek
1767e40368 all.sh: fix submodule test names 2019-02-05 06:05:49 -05:00
Andrzej Kurek
8a2e97c2df Merge development-psa commit 80b5662 into development-psa-merged branch
Adjust crypto submodule version to use new, forked crypto version accordingly.
2019-02-05 06:02:51 -05:00
Andrzej Kurek
e9c3b8130a all.sh: move crypto submodule check to pre_check_git 2019-02-05 05:34:21 -05:00
Andrzej Kurek
c690523d2b Merge PSA config and check-config changes
Introduce MBEDTLS_PSA_HAS_ITS_IO, MBEDTLS_PSA_CRYPTO_SPM,
MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C,
MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C.
Disable crypto storage by default.
2019-02-05 05:26:00 -05:00
Andrzej Kurek
d142856846 cipher: remove unnecessary precondition
Already checked by parameter validation macros
2019-02-05 05:11:03 -05:00
Andrzej Kurek
efed323698 pk: restructure precondition check 2019-02-05 05:09:05 -05:00
Andrzej Kurek
b274f2739e Documentation fixes 2019-02-05 05:06:35 -05:00
Andrzej Kurek
fd0381a2c5 all.sh: change test_submodule to test_use_psa_crypto 2019-02-05 05:00:02 -05:00
Andrzej Kurek
8764ccc83d ChangeLog: rearrange misplaced sections.
Add information about  mbed TLS 2.15.0 and  mbed TLS 2.15.1.
2019-02-05 04:57:13 -05:00
Andrzej Kurek
246cc86f66 cipher: fix indentation 2019-02-05 04:40:53 -05:00
Jaeden Amero
80b566267f Merge remote-tracking branch 'origin/pr/2386' into development-psa 2019-02-04 16:42:23 +00:00
Jaeden Amero
d18b264eaf Merge remote-tracking branch 'origin/pr/2382' into development-psa 2019-02-04 16:41:46 +00:00
Jaeden Amero
65408c5f92 Merge remote-tracking branch 'origin/pr/2355' into development-psa 2019-02-04 16:41:12 +00:00
Jaeden Amero
d4a31d3581 Merge remote-tracking branch 'origin/pr/2350' into development-psa 2019-02-04 16:40:06 +00:00
Andrzej Kurek
1359a8f3c6 Update submodule version to point to fixed, forked repository 2019-02-04 07:32:12 -05:00
Hanno Becker
70fc6550cc Update Crypto submodule to merge of sibling PR 2019-02-01 13:08:41 +00:00
Andrzej Kurek
de5a007316 Merge development commit f352f7 into development-psa 2019-02-01 07:03:03 -05:00